robbie
Posted April 9, 2009

Trend Micro Internet Security has picked up a TROJ_Generic.Z01 threat on my computer:

Infected file: Adobelmsvc Installer.dll
Infected file location: C:\Program Files\Adobe\Adobe InDesign CS2\

I deleted the infected file (via Trend) and then re-installed the missing file (as InDesign wouldn't open without it) but now the newly installed file is infected. The CS2 discs that I used to re-install the file from are genuine Adobe discs that I purchased 2 years ago.

I've done an Ad-Aware AE scan and the scan was completed successfully without any malicious objects detected.

Please let me know if you need any further info. Thank you very much in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:37 PM, on 09-04-20099
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

blade81
Posted April 11, 2009

Hi

Upload the file to http://www.virustotal.com to see what results the scanners there give to you.

robbie
Posted April 11, 2009

> Hi Upload the file to http://www.virustotal.com to see what results the scanners there give to you.

Hi Blade81

Thanks heaps for assisting me with this problem. I've uploaded the file to virustotal as requested and the scanners found nothing. When I browsed for the file and clicked on it to upload, Trend Micro Internet Security popped up another warning that the file is infected....weird!

The report from virustotal is below:

File Adobelmsvc_Installer.dll received on 04.11.2009 15:38:40 (CET)
Current status: finished
Result: 0/38 (0.00%)

Antivirus          Version         Last Update  Result
a-squared          4.0.0.101       2009.04.11   -
AhnLab-V3          5.0.0.2         2009.04.11   -
AntiVir            7.9.0.138       2009.04.10   -
Antiy-AVL          2.0.3.1         2009.04.11   -
Authentium         5.1.2.4         2009.04.10   -
Avast              4.8.1335.0      2009.04.10   -
AVG                8.5.0.285       2009.04.11   -
BitDefender        7.2             2009.04.11   -
CAT-QuickHeal      10.00           2009.04.10   -
Comodo             1110            2009.04.11   -
DrWeb              4.44.0.09170    2009.04.11   -
eSafe              7.0.17.0        2009.04.07   -
eTrust-Vet         31.6.6450       2009.04.11   -
F-Prot             4.4.4.56        2009.04.10   -
F-Secure           8.0.14470.0     2009.04.11   -
Fortinet           3.117.0.0       2009.04.11   -
GData              19              2009.04.11   -
Ikarus             T3.1.1.49.0     2009.04.11   -
K7AntiVirus        7.10.700        2009.04.11   -
Kaspersky          7.0.0.125       2009.04.11   -
McAfee             5580            2009.04.10   -
McAfee+Artemis     5580            2009.04.10   -
McAfee-GW-Edition  6.7.6           2009.04.10   -
Microsoft          1.4502          2009.04.11   -
NOD32              4001            2009.04.11   -
Norman             6.00.06         2009.04.09   -
nProtect           2009.1.8.0      2009.04.11   -
Panda              10.0.0.14       2009.04.11   -
PCTools            4.4.2.0         2009.04.08   -
Prevx1             V2              2009.04.11   -
Rising             21.24.52.00     2009.04.11   -
Sophos             4.40.0          2009.04.11   -
Sunbelt            3.2.1858.2      2009.04.10   -
Symantec           1.4.4.12        2009.04.11   -
TheHacker          6.3.4.0.305     2009.04.10   -
TrendMicro         8.700.0.1004    2009.04.10   -
ViRobot            2009.4.10.1688  2009.04.10   -
VirusBuster        4.6.5.0         2009.04.11   -

Additional information
File size: 287232 bytes
MD5...: 1c56c50381d54aa93e6e128f0aaa4977
SHA1..: eb2b76d35e574904a26ecbeb895fb34fc3d5550b
SHA256: 539a05ca6b5e6b1782a686a6a0a699cf2416009dd83db6b0c7001d6e281b9fce
SHA512: 111354921f1d21778b8f1fa248147b87721a1486c83ae9400bc6b1176bafcac0ba4bd036922bd56f63cb8b945682d1160809c43b58ee66a868640e8779e32689
ssdeep: 6144:DMSuGPTFd8bedkK3BddznPR8ddZzFVTSHJESSj796l:DMC4ed53nRR8dbyHJD+7kl
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
  Win64 Executable Generic (59.6%)
  Win32 Executable MS Visual C++ (generic) (26.2%)
  Win32 Executable Generic (5.9%)
  Win32 Dynamic Link Library (generic) (5.2%)
  Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information
( base data )
  entrypointaddress.: 0xf9b1
  timedatestamp.....: 0x41de9631 (Fri Jan 07 14:01:21 2005)
  machinetype.......: 0x14c (I386)
( 5 sections )
  name    viradd   virsiz   rawdsiz  ntrpy  md5
  .text   0x1000   0x173d6  0x17400  6.63   de0ccada755c2103a11c1fe995587ce4
  .rdata  0x19000  0x3df4   0x3e00   5.00   3f4fcacb663e60308fdab3539f7feb8e
  .data   0x1d000  0x5570   0x3800   1.91   109d23f5569136e057d99eab1075fea6
  .rsrc   0x23000  0x24d38  0x24e00  5.57   382a46cff869f76322b81abcb28138d2
  .reloc  0x48000  0x2450   0x2600   5.11   a7fc149ad64eceb4a9a9fddf7d775c0d
( 4 imports )
  > VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
  > ADVAPI32.dll: CreateServiceA, DeleteService, RegDeleteValueA, RegQueryValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegDeleteKeyA, RegCloseKey, RegOpenKeyExA, QueryServiceStatus, OpenServiceA, OpenSCManagerA, ControlService, QueryServiceConfigA, ChangeServiceConfigA, RegEnumValueA, CloseServiceHandle, StartServiceA, SetServiceObjectSecurity, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetAce, GetAclInformation, GetSecurityDescriptorDacl, QueryServiceObjectSecurity, RegCreateKeyExA, RegSetValueExA
  > KERNEL32.dll: GetVersionExA, DeviceIoControl, CloseHandle, CreateFileA, GetLastError, GetShortPathNameA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetFileSize, lstrcmpiA, Sleep, CopyFileA, SetFileAttributesA, DeleteFileA, GetTempFileNameA, MoveFileExA, GetWindowsDirectoryA, CreateDirectoryA, RemoveDirectoryA, GetFileAttributesA, ReadFile, SetFilePointer, GetModuleFileNameA, FreeLibrary, GetProcAddress, LoadLibraryA, GetDriveTypeA, GetLogicalDrives, FindClose, FindNextFileA, FindFirstFileA, lstrlenA, LockResource, SizeofResource, LoadResource, FindResourceA, GetModuleHandleA, CallNamedPipeA, LocalFree, HeapFree, HeapAlloc, GetProcessHeap, GetSystemDirectoryA, LCMapStringW, LCMapStringA, SetEndOfFile, CreateMutexA, WaitForSingleObject, ReleaseMutex, RtlUnwind, RaiseException, GetCurrentDirectoryA, GetFullPathNameA, GetCommandLineA, GetVersion, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, ExitProcess, SetUnhandledExceptionFilter, GetCPInfo, GetACP, GetOEMCP, WideCharToMultiByte, MultiByteToWideChar, InterlockedDecrement, InterlockedIncrement, TerminateProcess, GetCurrentProcess, HeapReAlloc, HeapSize, WriteFile, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, IsBadReadPtr, IsBadCodePtr, GetStringTypeA, GetStringTypeW, SetStdHandle, FlushFileBuffers
  > USER32.dll: KillTimer, EndDialog, SetTimer, GetDlgItem, SetWindowTextA, DialogBoxParamA
( 21 exports )
  CdaSysGetCurrentBranding, CdaSysGetLastError, CdaSysGetTrackedErrors, CdaSysInstall, CdaSysInstallByShell, CdaSysInstallEx, CdaSysInstallExAdv, CdaSysInstallForProduct, CdaSysInstallForProductEx, CdaSysLicenseUninstall, CdaSysLicenseUninstallType, CdaSysModifyConfig, CdaSysModifyServiceDescription, CdaSysQueryInstalledProducts, CdaSysUnInstall, CdaSysUnInstallLicense, CdaSysUninstallExAdv, CdaSysUninstallForProduct, CdaSysUninstallLicenseType, UninstInitialize, UninstUnInitialize
RDS...: NSRL Reference Data Set
( Adobe Systems Incorporated )
  > Creative Suite 2 Premium: _C2AA5122BCF444879B6D2F51D46220E0

blade81
Posted April 11, 2009

Hi

Quite likely that finding is a false positive since none of the scanners detected it (even Trend Micro's one didn't see anything bad). Guess you may put the file on ignored list.

robbie
Posted April 11, 2009

> Hi Quite likely that finding is a false positive since none of the scanners detected it (even Trend Micro's one didn't see anything bad). Guess you may put the file on ignored list.

Hi Blade81

Glad to hear there's no infection! Thanks again for your help. Love your work!

Warmest regards,
Robbie.

blade81
Posted April 12, 2009

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you!